Best Practices Guide
Managing exception objects
When a particular alert is declared as a false positive, the next decision is whether to disable the corresponding attack altogether OR apply a particular exception object to that attack that will disable alerting for a particular IP address or range of IP addresses. In almost all cases, it is a best practice to implement the latter.
For more information, see Managing Exception Objects and Attack Responses, McAfee Network Security Platform IPS Administration Guide.
Details are available in the Network Security Platform 8.2 IPS Administration Guide available from the support portal
Network Security Platform documentation reference guide
Technical Articles ID: KB76064